<?php
require_once('../inc/connect.php');

$section = 'User';
session_start();

$email = $_POST['email'];
$password = $_POST['password'];

$error;

if($email && $password)
{
    $connect = mysql_connect(DB_HOST, DB_USER, DB_PASS)
        or die('Unable to connect to server!');
    
    mysql_select_db(DB_NAME)
        or die('Unable to select database!');
    
    $query = mysql_query("SELECT * FROM users WHERE email='$email'");
    $numrows = mysql_num_rows($query);
    
    if($numrows != 0)
    {
        while($row = mysql_fetch_assoc($query))
        {
            $dbemail = $row['email'];
            $dbpassword = $row['password'];
        }
        
        if($email == $dbemail && md5($password) == $dbpassword)
        {
            $_SESSION['email'] = $dbemail;
        }
        else
            $error = "Incorrect password!";
    }
    else
    {
        $error = "User does not exist!";
    }
}
else
    $error = "Please enter email and password!";


if($error)
    header("Location: ./");
else
    header("Location: member.php");

?>
